3 Installing the Oracle Audit Vault Server

This chapter includes an overview of the major steps required to install single instance Oracle Audit Vault Server (Audit Vault Server) and to install Audit Vault Server with Oracle Real Application Clusters (Oracle RAC).

Log in as the oracle user. Alternatively, switch the user to oracle using the su - command. Change your current directory to the directory containing the installation files. Start Oracle Universal Installer from the Oracle Audit Vault package.

Oracle Universal Installer starts up by first checking the following installation requirements and displaying the results. For example, it shows what the value should be or must be greater than or at least equal to, then the actual value for each check and the check result status: Passed or Failed.

Enter the following information on the Basic Installation Details page. See Section 3.6 for more information about each of these topics.

Audit Vault Name – A unique name for the Oracle Audit Vault database. The Oracle Audit Vault name is required. The name will be used as the database SID, and will be the first portion (db_name) of the database service name.

Audit Vault Home – Specify or browse to find the path to the Oracle Audit Vault Home where you want to install Oracle Audit Vault.

Audit Vault Administrator and Audit Vault Auditor – The account name of the Oracle Audit Vault Administrator and a separate, optional Oracle Audit Vault Auditor, respectively. The Oracle Audit Vault administrator and Oracle Audit Vault auditor account names must not be the same. The Oracle Audit Vault Administrator account name is required. Accept the selected Create a Separate Audit Vault Auditor check box to choose to create the Oracle Audit Vault Auditor account name. The check box is selected by default. Deselecting the check box disables the text fields for the Oracle Audit Vault Auditor user name and password. The Oracle Audit Vault Administrator in this case will also be granted the role of Oracle Audit Vault Auditor.

The Oracle Audit Vault Administrator user name will also be used for the following Oracle Database Vault users that are created to facilitate the separation of duties:

There cannot be repeating characters in each password. The length of each password must be between 8 and 30 characters. Each password must consist of at least one alphabetic character, one numeric character, and one of the special characters shown in Table 3-2.

The password entered for the Oracle Audit Vault administrator account will also be used for the standard database accounts (sys, system, sysman, dbsnmp).

The Oracle Audit Vault administrator password will also be used for the Oracle Database Vault users (Database Vault Owner and the Database Vault Account Manager users) that are created to facilitate the separation of duties.

Each password must be identical to its corresponding password confirmation.

After entering the required information, click Next to continue with the installation. The Next button is enabled only when information has been entered for all required fields. Validation of information is done on all user input after you click Next. The installation process will not continue until all required input passes validation.

If this is the first installation of an Oracle product on the system, then the Oracle Universal Installer displays the Specify inventory directory and credentials page, where you must enter the Inventory directory location and the OS group name, then click Next.

Review the installation prerequisite checks on the Prerequisite Check page. This is when all installation prerequisite checks are performed and the results are displayed. Verify that all prerequisite checks succeed, then click Next.

Oracle Universal Installer checks the system to verify that it is configured correctly to run Oracle software. If you have completed all of the preinstallation steps in this guide, all of the checks should pass.

If a check fails, then review the cause of the failure listed for that check on the screen. If possible, rectify the problem and rerun the check. Alternatively, if you are satisfied that your system meets the requirements, then you can select the check box for the failed check to manually verify the requirement.

Review the installation summary information on the Basic Installation Summary page. After reviewing this installation information, click Install to begin the installation procedure. The installation will copy files, link binaries, apply patches, run configuration assistants, including DBCA to create and start the Audit Vault Server, DVCA to secure the server, and AVCA to configure and start Oracle Audit Vault Console.

At the end of running DBCA to configure the software and create the database, a message displays, click OK to continue.

Provide information or run scripts as the root user when prompted by Oracle Universal Installer. If you need assistance during installation, click Help. If you encounter problems during installation, then examine the Oracle Universal Installer actions recorded in the installation log file. The log file is located in the cfgtoollogs/oui directory, in the following location:

$ORACLE_HOME/cfgtoollogs/oui/installActionsdate_time.log

After the installation completes, take note of the Oracle Enterprise Manager Database Control URL and the Oracle Audit Vault Console URL. On the Exit page, click Exit. Then, on the Confirmation message box, click Yes to exit Oracle Universal Installer.

This section describes the advanced installation for both the single instance installation and the Oracle RAC installation.

See Section 2.12 for important information about setting the correct locale.

Perform the following procedures to install Oracle Audit Vault.

Run Oracle Universal Installer (OUI) to install Oracle Audit Vault.

Log in as the oracle user. Alternatively, switch user to oracle using the su - command. Change your current directory to the directory containing the installation files. Start Oracle Universal Installer from the Oracle Audit Vault package.

Oracle Universal Installer starts up by first checking the following installation requirements and displaying the results. For example, it shows what the value should be or must be greater than or at least equal to, then the actual value for each check and the check result status: Passed or Failed.

Enter the following information on the Advanced Installation Details screen. See Section 3.6 for more information about each of these topics.

Audit Vault Name – A unique name for the Audit Vault database. The Oracle Audit Vault name is required. For single instance installation, the name will be used as the database SID, and will be the first portion (db_name) of the database service name. For an Oracle RAC installation, the name will be used to derive the Oracle RAC database SID of each Oracle RAC node, and will be the first portion (db_name) of the database service name.

Audit Vault Home – Specify or browse to find the path to the Oracle Audit Vault home where you want to install Oracle Audit Vault.

Audit Vault Administrator and Audit Vault Auditor – the account name of the Oracle Audit Vault administrator and a separate, optional Oracle Audit Vault auditor, respectively. The Oracle Audit Vault administrator and Oracle Audit Vault auditor account names cannot be the same. The Oracle Audit Vault Administrator account name is required. Accept the selected Create a Separate Audit Vault Auditor check box to choose to create the Oracle Audit Vault auditor account name. The check box is selected by default. Deselecting the check box disables the text fields for the Oracle Audit Vault auditor user name and password. The Oracle Audit Vault administrator in this case will also be granted the role of Oracle Audit Vault Auditor.

There cannot be repeating characters in each password. The length of each password must be between 8 and 30 characters. Each password must consist of at least one alphabetic character, one numeric character, and one of the special characters shown in Table 3-2.

Each password must be identical to its corresponding password confirmation.

After entering the required information, click Next to continue with the installation. The Next button is enabled only when information has been entered for all required fields. Validation of information is done on all user input after you click Next. The installation process will not continue until all required input passes validation.

If this is the first installation of an Oracle product on the system, then the Oracle Universal Installer displays the Specify inventory directory and credentials page, where you must enter the Inventory directory location and the OS group name, then click Next.

Enter the following information on the Database Vault User Credentials screen. See Section 3.6.2 for more information about each of these topics.

Database Vault Owner and Database Vault Account Manager – The account name of the Database Vault Owner and a separate, optional Database Vault Account Manager, respectively. The Database Vault Owner, Database Vault Account Manager, Oracle Audit Vault Administrator, and Oracle Audit Vault Auditor account names must not be the same (applicable when a separate Oracle Audit Vault Auditor or Database Vault Account Manager account is created). The Database Vault Owner name is required. Accept the selected Create a Separate Database Vault Account Manager check box to choose to create the Database Vault Account Manager account name. The check box is selected by default. Deselecting the check box disables the text fields for the Database Vault Account Manager user name and password. The Database Vault Owner in this case will also be granted the role of Database Vault Account Manager.

There cannot be repeating characters and space characters in each password. The length of each password must be between 8 and 30 characters. Each password must consist of at least one alphabetic character, one numeric character, and one of the special characters shown in Table 3-2.

Each password must be identical to its corresponding password confirmation.

After entering the required information, click Next to continue with the installation. The Next button is enabled only when information has been entered for all required fields. Validation of information is done on all user input after you click Next. The installation process will not continue until all required input passes validation.

If you are installing on a clustered system (Oracle Clusterware is installed and the system is already part of a cluster), the Node Selection screen appears from which to select the nodes on which Oracle Audit Vault will be installed. Local node will always be selected by default. If you are installing Oracle Audit Vault single instance on this local node only, select the Local Only Installation option, then click Next.

If you are installing on a clustered system (Oracle Clusterware is installed and the system is already part of a cluster), select the nodes on which on which Oracle Audit Vault must be installed, then click Next.

Review the installation prerequisite checks on the Prerequisite Check screen. This is when all installation prerequisite checks are performed and the results are displayed. Verify that all prerequisite checks succeed, then click Next.

Oracle Universal Installer checks the system to verify that it is configured correctly to run Oracle Database software. If you have completed all of the preinstallation steps in this guide, all of the checks should pass.

If a check fails, then review the cause of the failure listed for that check on the screen. If possible, rectify the problem and rerun the check. Alternatively, if you are satisfied that your system meets the requirements, then you can select the check box for the failed check to manually verify the requirement.

On the Specify Database Storage Options screen, you can select one of the following storage options: File system, Automatic Storage Management (ASM), or Raw Devices.

If you select the File System, specify or browse to the database file location for the data files. If you select Raw Devices, specify the path or browse to the Raw Devices mapping file. If you select Automated Storage Management (ASM), you must have already installed ASM. Make a selection and click Next.

On the Specify Backup and Recovery Options screen, you can choose either to not enable automated backups or to enable automated backups.

If you select the Do not enable Automated backups option, click Next.

If you select the Enable Automated backups option, then you must specify a Recovery Area Storage. You can choose either to use the File System option or the Automatic Storage Management option.

If you select the File System option, specify a path or browse to the recovery area location. Next, for Backup Job Credentials, enter the operating system credentials (user name and password) of the user account with administrative privileges to be used for the backup jobs, then click Next.

If you select the Automatic Storage Management option, then for Backup Job Credentials, enter the operating system credentials (user name and password) of the user account with administrative privileges to be used for the backup jobs, then click Next.

Next, select the disk group from the existing disk groups. This screen lets you select the disk groups. If the disk group selected has enough free space, by clicking Next, the Specifying Database Schema Password screen is displayed (see Step 9). If the disk group selected does not have enough free space, the Configure Automatic Storage Management page is displayed.

On the Configure Automatic Storage Management screen, you can select the disks to add from the Add Member Disks table by selecting the check box in the Select column for the corresponding disks.

On Solaris Operating System (SPARC 64-Bit) systems, the default path for discovering eligible disks is /dev/rdsk/*. If your disks are located elsewhere, you must change the disk discovery path for the disks to be discovered by Oracle Universal Installer. To change the path, click Change Disk Discovery Path.

On the Specify Database Schema Passwords screen, you can choose to enter different passwords for each privileged database account or select the Use the same passwords for all accounts option. If you choose to enter a set of valid passwords for each privileged database account, enter these passwords. If you select the Use the same passwords for all accounts option, then enter a single valid password. When you are finished, click Next.

Review the installation summary information on the Advanced Installation Summary screen. After reviewing this installation information, click Install to begin the installation procedure. The installation will copy files, link binaries, apply patches, run configuration assistants, including DBCA to create and start the Audit Vault Server, DVCA to secure the server, and AVCA to configure and start Oracle Audit Vault Console.

At the end of running DBCA to configute the software and create the database, a message displays, click OK to continue.

Run scripts as the root user when prompted by Oracle Universal Installer. If you need assistance during installation, click Help. If you encounter problems during installation, then examine the Oracle Universal Installer actions recorded in the installation log file. The log file is located in the cfgtoollogs/oui directory in the following location:

$ORACLE_HOME/cfgtoollogs/oui/installActionsdate_time.log

Note:

The Oracle home name and path that you provide during Oracle Audit Vault installation must bedifferent from the home that you used during the Oracle Clusterware installation. You cannot install Oracle Audit Vault with Oracle RAC software into the same home in which you installed the Oracle Clusterware software.

The following is a list of additional information to note about installation:

If you are not using the ASM library driver (ASMLIB), and you select Automatic Storage Management (ASM) during installation, then ASM default discovery finds all disks that ASMLIB marks as ASM disks.

If you are not using ASMLIB, and you select ASM during installation, then ASM default discovery finds all disks marked /dev/raw/* for which the Oracle software owner user has read/write permission. You can change the disk discovery string during the installation if the disks that you want to use for ASM are located elsewhere.

On the Select Database Management Option page, if you have already completed the Grid Control Management Agent installation, then you can select either Grid or Local Database control. Otherwise, only Local Database control for database management is supported for Oracle RAC. When you use the local Database Control, you can choose the e-mail option and enter the outgoing SMTP server name and e-mail address.

After the installation completes, take note of the Oracle Enterprise Manager Database Control URL and the Oracle Audit Vault Console URL. On the Exit page, click Exit. Then, on the Confirmation message box, click Yes to exit Oracle Universal Installer.

After you have completed the part of the installation, proceed to Section 3.7 to perform the postinstallation tasks.

3.5Performing a Silent Installation Using a Response File

Note:

The Basic installation is not supported in silent mode. Silent installation is only supported for the Advanced installation.

Follow these brief steps to perform a silent installation using a response file:

Make sure all prerequisites are met for the installation of Audit Vault Server.

Prepare the Audit Vault Server response file. A template response file can be found at AV_installer_location/response/av.rsp on the Audit Vault Server installation media.

Prepare the response file by entering values for all parameters that are missing in the first part of the response file, then save the file. Note that for single instance installations, RAW storage is not used. Also note that the CLUSTER_NODES parameter must be specified for installing Audit Vault Server in an Oracle RAC environment. Do not edit any values in the second part of either response file.

Set the DISPLAY environment variable to an appropriate value before proceeding with the silent installation. See Section 2.11 for more information.

3.6 Oracle Audit Vault Server Installation Details

This section provides an overview of requested information specific to the Audit Vault Server installation.

An Audit Vault Server installation consists of three options:

Upgrade Existing Audit Vault Server Home – Detects the existence of upgradable Oracle Audit Vault Server homes on the system and enables the upgrade option to the current release. Performs an upgrade on the selected upgradable Audit Vault Server home when this option is selected. See Chapter 4 for more information on performing an upgrade.

Basic Installation – Simplifies the installation process and prompts for a minimal set of inputs, including the name of the Oracle Audit Vault database, the Oracle Audit Vault administrator and optionally the auditor user names and passwords. An Oracle RAC installation is not supported through the Basic Installation option.

Advanced Installation – Offers the user more control and options for the installation process, including storage options and backup options. The Advanced Installation option supports the installation of Audit Vault Server on a cluster.

3.6.1.2 Oracle Audit Vault Home

The Oracle Audit Vault Home is the path that you must specify or browse to find the Oracle Audit Vault home where you want to install Oracle Audit Vault. The path can contain only alphanumeric characters (letters and numbers).

Table 3-2 Special Characters Allowed in the Oracle Audit Vault Home Name

Symbol

Character Name

\

Backslash

/

Slash

-

hyphen

_

Underscore

.

Period

:

Colon

3.6.1.3 Oracle Audit Vault Server Accounts

The Oracle Audit Vault Server installation software prompts you for user names and passwords for the Oracle Audit Vault Administrator user and the separate, optional Oracle Audit Vault Auditor user. In addition, the installation creates an Oracle Database Vault Owner user and a separate, Oracle Database Vault Account Manager for you (basic installation) or the installation prompts you for these user names and passwords (advanced installation). Finally, the installation creates sys, system, sysman, and dbsnmp standard database users for you (basic installation) or the installation prompts for passwords for these users (advanced installation).

You must supply a user name and password for the Oracle Audit Vault administrator user and optionally for the Oracle Audit Vault auditor user during installation. The Create a Separate Audit Vault Auditor check box is selected by default, which means that a separate Oracle Audit Vault Auditor account will be created (and the corresponding user name and password are required). The Oracle Audit Vault Administrator user will be granted the AV_ADMIN role and the Oracle Audit Vault Auditor user will be granted the AV_AUDITOR role. Deselecting this check box means that the Oracle Audit Vault Administrator user will be granted both roles, because the separate Oracle Audit Vault Auditor user will not be created.

The Oracle Audit Vault Administrator account is granted the AV_ADMIN role. The user granted the AV_ADMIN role can manage the postinstallation configuration. This role accesses Oracle Audit Vault services to administer, configure, and manage a running Oracle Audit Vault system. This role registers audit sources. This role has the ability to configure parameters that assist in populating the Oracle Audit Vault data warehouse. For the basic installation, the Oracle Audit Vault Administrator user name is used to generate the following Oracle Database Vault users to facilitate the separation of duties:

For the advanced installation, a Database Vault User Credentials page prompts for the Database Vault Owner account name and password and a separate, optional Database Vault Account Manager account name and password.

The Oracle Audit Vault Auditor account is granted the AV_AUDITOR role. The user granted the AV_AUDITOR role accesses Oracle Audit Vault Reporting and Analysis services to monitor components, detect security risks, create and evaluate alert scenarios, create detail and summary reports of events across systems, and manage the reports. This role manages central audit settings. This role can use the data warehouse services to further analyze the audit data to assist in looking for trends, intrusions, anomalies, and other areas of interest.

The Oracle Audit Vault Administrator, Oracle Audit Vault Auditor, Database Vault Owner, and Database Vault Account Manager user names must not be the same. For the basic installation, the Oracle Audit Vault Administrator user name must be between 2 and 27 characters because the characters "dvo" and "dva" are appended to the Administrator name making the normal upper limit of 30 characters for the user names that are allowed to be 27 characters. For the advanced installation, the Oracle Audit Vault Administrator user name must be between 2 and 30 characters.

The length of the Oracle Audit Vault Auditor user name must be between 2 and 30 characters. Each user name must not be one of the following reserved names.

Names

Names

Names

Names

Names

ACCESS

ADD

ALL

ALTER

AND

ANONYMOUS

ANY

AQ_ADMINISTRATOR_ROLE

AQ_USER_ROLE

ARRAYLEN

AS

ASC

AUDIT

AUTHENTICATEDUSER

AV_ADMIN

AV_AGENT

AV_ARCHIVER

AV_AUDITOR

AV_SOURCE

AVSYS

BETWEEN

BY

CHAR

CHECK

CLUSTER

COLUMN

COMMENT

COMPRESS

CONNECT

CREATE

CTXAPP

CTXSYS

CURRENT

DATE

DBA

DBSNMP

DECIMAL

DEFAULT

DELETE

DELETE_CATALOG_ROLE

DESC

DIP

DISTINCT

DM_CATALOG_ROLE

DMSYS

DMUSER_ROLE

DROP

DV_ACCTMGR

DV_ADMIN

DVF

DV_OWNER

DV_PUBLIC

DV_REALM_OWNER

DV_REALM_RESOURCE

DV_SECANALYST

DVSYS

EJBCLIENT

ELSE

EXCLUSIVE

EXECUTE_CATALOG_ROLE

EXFSYS

EXISTS

EXP_FULL_DATABASE

FILE

FLOAT

FOR

FROM

GATHER_SYSTEM_STATISTICS

GLOBAL_AQ_USER_ROLE

GRANT

GROUP

HAVING

HS_ADMIN_ROLE

IDENTIFIED

IMMEDIATE

IMP_FULL_DATABASE

IN

INCREMENT

INDEX

INITIAL

INSERT

INTEGER

INTERSECT

INTO

IS

JAVA_ADMIN

JAVADEBUGPRIV

JAVA_DEPLOY

JAVAIDPRIV

JAVASYSPRIV

JAVAUSERPRIV

LBAC_DBA

LBACSYS

LEVEL

LIKE

LOCK

LOGSTDBY_ADMINISTRATOR

LONG

MAXEXTENTS

MDDATA

MDSYS

MGMT_USER

MGMT_VIEW

MINUS

MODE

MODIFY

NOAUDIT

NOCOMPRESS

NOT

NOTFOUND

NOWAIT

NULL

NUMBER

OEM_ADVISOR

OEM_MONITOR

OF

OFFLINE

OLAP_DBA

OLAPSYS

OLAP_USER

ON

ONLINE

ONT

OPTION

OR

ORDER

ORDPLUGINS

ORDSYS

OUTLN

OWF_MGR

PCTFREE

PRIOR

PRIVILEGES

PUBLIC

RAW

RECOVERY_CATALOG_OWNER

RENAME

RESOURCE

REVOKE

ROW

ROWID

ROWLABEL

ROWNUM

ROWS

SCHEDULER_ADMIN

SCOTT

SELECT

SELECT_CATALOG_ROLE

SESSION

SET

SHARE

SI_INFORMTN_SCHEMA

SIZE

SMALLINT

SQLBUF

START

SUCCESSFUL

SYNONYM

SYS

SYSDATE

SYSMAN

SYSTEM

TABLE

THEN

TO

TRIGGER

TSMSYS

UID

UNION

UNIQUE

UPDATE

USER

VALIDATE

VALUES

VARCHAR

VARCHAR2

VIEW

WHENEVER

WHERE

WITH

WKPROXY

WKSYS

WK_TEST

WKUSER

WM_ADMIN_ROLE

WMSYS

XDB

XDBADMIN

Each account name cannot contain any of the characters shown in Table 3-2.

For the basic installation, the Oracle Audit Vault Administrator password you enter for the Oracle Audit Vault Administrator account is also used for the standard database accounts (sys, system, sysman, dbsnmp). For the basic installation Details page, the Oracle Audit Vault Administrator user password is also used for the Oracle Database Vault Owner and Oracle Database Vault Account Manager user passwords.

For the advanced installation, the installer can choose individual passwords for each of these database accounts (sys, system, sysman, dbsnmp) or select to use the same password as the Oracle Audit Vault Administrator for all of these accounts. In addition, a Database Vault User Credentials page prompts for the Database Vault Owner user password and for a separate, optional Database Vault Account Manager user password if that user is created.

There cannot be repeating characters in each password. The length of each password must be between 8 and 30 characters. Each password must consist of at least one alphabetic character, one numeric character, and one of the special characters shown in Table 3-3.

The Audit Vault Server installation software prompts you for two accounts that you create during installation. These are the Database Vault Owner account and the separate, optional Database Vault Account Manager account. You must supply an account name and password for the Database Vault Owner account, and optionally for the Database Vault Account Manager account during installation.

The Create a Separate Database Vault Account Manager check box is selected by default, which means that a separate Database Vault Account Manager account will be created (and the corresponding user name and password are required). The Database Vault Owner user will be granted the DV_OWNER role and the Database Vault Account Manager user will be granted the DV_ACCTMGR role. Deselecting this check box means that the Database Vault Owner user will be granted both roles, because the separate Database Vault Account Manager user will not be created.

There must be no repeating characters in each password. There must be no space characters in the password.

The length of each password must be between 8 and 30 characters.

Each password must consist of at least one alphabetic character, one numeric character, and one of the special characters shown in Table 3-2. All other characters are not allowed.

Each password must be identical to its corresponding password confirmation.

3.6.3Advanced Server Installation: Node Selection Screen

The Node Selection screen will appear if you are installing Oracle Audit Vault in an Oracle RAC environment and a clustered system (Oracle Clusterware) is installed and the system is already part of a cluster. On this screen, users can select the nodes on which they want to install Oracle Audit Vault, or they can select a local installation to install Oracle Audit Vault single instance.

If you choose the File System option, then Database Configuration Assistant creates the database files in a directory on a file system mounted on the computer. Oracle recommends that the file system you choose be separate from the file systems used by the operating system or the Oracle software. The file system that you choose can be any of the following:

A file system on a disk that is physically attached to the system

If you are creating a database on basic disks that are not logical volumes or redundant arrays of independent disks (RAID) devices, then Oracle recommends that you follow the Optimal Flexible Architecture (OFA) recommendations and distribute the database files over more than one disk.

A file system on a logical volume manager (LVM) volume or a RAID device

If you are using multiple disks in an LVM or RAID configuration, then Oracle recommends that you use the stripe and mirror everything (SAME) methodology to increase performance and reliability. Using this methodology, you do not need to specify more than one file system mounting point for database storage.

Automatic Storage Management (ASM) is a high-performance storage management solution for Oracle Audit Vault database files. It simplifies the management of a dynamic database environment, such as creating and laying out databases and managing disk space.

Note:

An existing ASM instance must be installed in order to select the ASM option for database storage.

Automatic Storage Management can be used with a single instance Oracle Audit Vault installation, multiple Oracle Audit Vault installations, and in an Oracle Real Application Clusters (Oracle RAC) environment. Automatic Storage Management manages the storage of all Oracle Audit Vault database files, such as redo logs, control files, data pump export files, and so on.

Raw devices are disk partitions or logical volumes that have not been formatted with a file system. When you use raw devices for database file storage, Oracle Database writes data directly to the partition or volume, bypassing the operating system file system layer. For this reason, you can sometimes achieve performance gains by using raw devices. However, because raw devices can be difficult to create and administer, and because the performance gains over more modern file systems are minimal, Oracle recommends that you choose Automatic Storage Management or file system storage instead of raw devices.

On the Specify Backup and Recovery screen, you can choose Enable Automated Backups or Do Not Enable Automated Backups.

If you choose Enable Automated Backups, then Oracle Enterprise Manager schedules a daily backup job that uses Oracle Recovery Manager (RMAN) to back up all of the database files to an on-disk storage area called the flash recovery area. The first time that the backup job runs, it creates a full backup of the database. Subsequent backup jobs perform incremental backups, which enable you to recover the database to its state at any point during the preceding 24 hours.

To enable automated backup jobs during installation, you must specify the following information:

The location of the flash recovery area

You can choose to use either a file system directory or an Automatic Storage Management disk group for the flash recovery area. The default disk quota configured for the flash recovery area is 2 GB. For Automatic Storage Management disk groups, the required disk space depends on the redundancy level of the disk group that you choose.

Oracle Enterprise Manager uses the operating system credentials that you specify when running the backup job. The user name that you specify must belong to the Solaris Operating System (SPARC 64-Bit) group that identifies database administrators (the OSDBA group, typically dba). The Oracle software owner user name (typically oracle) that you use to install the software is a suitable choice for this user.

Section 2.6 describes the requirements for the OSDBA group and Oracle software owner user and explains how to create them.

Backup Job Default Settings

If you enable automated backups after choosing one of the preconfigured databases during the installation, then automated backup is configured with the following default settings:

The backup job is scheduled to run nightly at 2:00 a.m.

The disk quota for the flash recovery area is 2 GB.

If you enable automated backups by using Database Configuration Assistant after the installation, then you can specify a different start time for the backup job and a different disk quota for the flash recovery area.

For information about using Oracle Enterprise Manager Database Control to configure or customize automated backups or to recover a backed up database, see Oracle Database 2 Day DBA.

On the Specify Database Schema Passwords screen, provide the passwords for the four standard database accounts (sys, system, sysman, and dbsnmp).

Either enter and confirm passwords for the privileged database accounts, or select the Use the same passwords for all accounts option. Make your selection, then click Next.

3.7Postinstallation Server Tasks

Note:

The use of the Database Configuration Assistant (DBCA) to configure additional components after an Audit Vault Server installation is not supported. Oracle Audit Vault installs with all of the components that it requires already configured, so no additional components need to be configured using DBCA.

Creation of additional databases in the Oracle Audit Vault home is not supported.

In the list of articles that appears, search for the phrase Mandatory Patches, and then look for any patches that apply to the current release of Oracle Audit Vault.

Select the article and then read the associated summary text that describes the patch contents.

Under In this Document, click Patches.

The Patches section lists the patches that you must apply.

Click the link for the first patch.

The Download page for the first page appears.

Click View Readme to read about the patch details, and then click Download to download the patch to your computer.

Repeat Step 7 through Step 8 for each patch listed in the Patches section.

Note:

No Oracle Database one-off patches should be applied to the Oracle Audit Vault database unless directed to do so by Oracle Support Services.

3.7.2Download Critical Patch Updates

A critical patch update (CPU) is a collection of patches for security vulnerabilities. It includes non-security fixes required (because of interdependencies) by those security patches. Critical patch updates are cumulative, and they are provided quarterly on the Oracle Technology Network. You should periodically check OracleMetaLink for critical patch updates.

In the list of articles that appears, search for the phrase Oracle Critical Patch Update.

Select the most recent critical patch update article, and then read its instructions.

Download the most recent critical patch update for Oracle Audit Vault. In most critical patch update articles, there is section entitled "Patch Download Procedure," which explains how to download the critical patch update.

3.7.3Reset User Passwords

Audit Vault Server uses the password you enter for the Oracle Audit Vault administrator as the password for core database accounts such as SYS, SYSTEM, SYSMAN, and DBSNMP in a basic installation. For an advanced installation, the user is given the option of changing the password for each of these accounts.

For a basic installation, Oracle Audit Vault Server also uses the same Oracle Audit Vault Administrator password for the AV_ADMINdvo account, the Database Vault Owner (granted DV_OWNER role), to manage Database Vault roles and configuration and the AV_ADMINdva account, and the Database Vault Account Manager (granted DV_ACCTMGR role), to manage database user accounts. You must change these passwords according to your company policies.

For an advanced installation, Audit Vault Server uses the Database Vault Owner user password and the separate, optional Database Vault Account Manager user password for these users. You must change these passwords according to your company policies.

3.7.3.1Using SQL*Plus to Reset Passwords

To reset user account passwords using SQL*Plus:

Start SQL*Plus and log in as AV_ADMINdva account.

Enter a command similar to the following, where password is the new password:

3.7.4Enable or Disable Connections with the SYSDBA Privilege

To disable remote SYSDBA connections, re-create the password file with the nosysdba flag set to y (Yes). A user can still log in AS SYSDBA locally using Operating System (OS) authentication. However, remote connections AS SYSDBA will fail.

Under a cluster file system and raw devices, the password file under $ORACLE_HOME is in a symbolic link that points to the shared storage location in the default configuration. In this case, the orapwd command that you issue affects all nodes.

After installing Oracle Audit Vault for a Oracle Real Application Clusters (Oracle RAC) instance, you must run Database Vault Configuration Assistant (DVCA) with the -action optionrac switch on all other Oracle RAC nodes. This sets instance parameters and disables SYSDBA operating system authentication.

You must run this command on all Oracle RAC nodes other than the node on which the Oracle Audit Vault installation is performed. This step is required to enable the enhanced security features provided by Oracle Database Vault.

Note:

The listener and database instance should be running on the nodes on which you run DVCA.

action is the action to perform. The optionrac utility performs the action of updating the instance parameters for the Oracle RAC instance and optionally disabling SYSDBA operating system access for the instance.

racnode is the host name of the Oracle RAC node on which the action is being performed. Do not include the domain name with the host name.

oh is the Oracle home for the Oracle RAC instance.

jdbc_str is the JDBC connection string used to connect to the database. For example, "jdbc:oracle:oci:@orcl1".

sys_password is the password for the SYS user.

logfile is optionally used to specify a log file name and location. You can enter an absolute path or a path that is relative to the location of the $ORACLE_HOME/bin directory.

silent is required if you are not running DVCA in an Xterm window.

nodecrypt reads plain text passwords as passed on the command line.

lockout is used to disable SYSDBA operating system authentication.

Note:

You can reenable SYSDBA access by re-creating the password file with the nosysdba flag set to n (No). The orapwd utility enables you to do this.

After running DVCA, stop and restart the instance and database listener on all cluster nodes. This step is also applicable to the node on which Oracle Audit Vault was installed. Use the following commands:

Copy the IBM Data Server Driver for JDBC and SQLJ (db2jcc.jar) to the $ORACLE_HOME/jlib directories in both the Audit Vault Server and Audit Vault Agent homes. Oracle Audit Vault requires version 3.50 or later of the driver. This version of the db2jcc.jar file is available in either IBM DB2 UDB version 9.5 or IBM DB2 Connect version 9.5 or later.

This driver provides high performance native access to IBM DB2 database data sources. The DB2 collector uses this driver to collect audit data from IBM DB2 databases, so the driver must be present in Oracle Audit Vault OC4J before you can start the agent OC4J.

3.7.7Log In to Oracle Audit Vault Console

Use the following instructions to log in to the Oracle Audit Vault Console:

On the node from which you installed the database, open a Web browser to access the Oracle Audit Vault Console URL, and use the following URL syntax:

http://host:port/av

In the preceding example:

host is the name of the computer on which you installed Oracle Audit Vault Database.

port is the port number reserved for the Oracle Audit Vault Console during installation.

If you do not know the correct port number to use, then perform the following steps in the Audit Vault Server home shell: